It seems that usesCleartextTraffic is set to true by default and that caused my App could not pass the client’s pentest (security tester). Is there a way to set usesCleartextTraffic = false? I did try in “android/app/src/main/AndroidManifest.xml” but it is ignored when Expo building.
Also tried to put usesCleartextTraffic to app.json but got error.
Since you’re on Expo SDK 39 and you say that editing AndroidManifest.xml makes no difference, it seems that you are building using expo build:android?
In a managed app you should not even have android or ios directories, so you would not be able to directly edit AndroidManifest.xml. If you want to do something like that you would need to use EAS Build, which would require you to upgrade to at least Expo SDK 41 (I think) or SDK 42. You would also need to write a config plugin to make the changes to AndroidManifest.xml during the build process.
See here for an example of what the config plugin might look like:
and you’d reference it from the plugins array in app.json: